Skip to content

Overview

The Node Manifest is the per-platform mission contract for a single node and a specific time window. It translates human intent into a portable, machine-readable object that a runtime can enforce and later audit.

In the current 0.2.0 specification, the manifest is deliberately constrained to the "envelope, tenants, and mission" layer. Each document states which schema it follows, what kind of object it is, which unique manifestId it carries, which node it is bound to, when it was issued, and optionally the time window in which it is intended to be applied. It may also declare which tenants the manifest is intended to serve, via a simple tenancy block, and a mission block that captures mission identity, window, and region. Each manifest may also declare which mission fabric profile and runtime ABI it targets, and which hashed policy bundles it was compiled against, via a small profile and contracts block. The normative semantics for the envelope fields and the rules for selecting which manifest is in force at a given time are described in spec/ENVELOPE-v0.2.0.md. The semantics for the tenancy block are described in spec/TENANCY-v0.2.0.md. The semantics for the mission block are described in spec/MISSION-v0.2.0.md. The semantics for the profile and contracts block are described in spec/CONTRACTS-v0.2.0.md. Later versions will fill in the richer mission content under that envelope; for now, the goal is to make the identity, node binding, temporal scope, tenant set, mission slice, and compilation context explicit and stable. The repository also includes a minimal reference helper for selecting which manifest is in force for a node at a given time. A worked envelope scenario is available in spec/SCENARIO-ENVELOPE-mq9b-v0.2.0.md, with JSON fixtures under examples/. A multitenant variation is described in spec/SCENARIO-TENANCY-mq9b-v0.2.0.md, using the tenancy block to name multiple federal principals on the same sortie. A mission scenario is described in spec/SCENARIO-MISSION-mq9b-v0.2.0.md, showing a WGS84 mission region and mission window tied to the same MQ-9B thread.

It solves a narrow but critical problem: describing what a node is allowed and obliged to do, on behalf of named tenants, under explicit constraints, in a way that is stable across platforms and vendors. The manifest is designed to be compared against reality later, so it is both normative and evidence-aware.

Where it sits

The manifest is produced by higher-level intent tooling (the Commander) and consumed by the per-node execution environment (the Mission Domain Runtime). Conceptually it is "intent in, receipts out": the runtime enforces the contract during execution and emits evidence that can later be verified against it.

Boundaries

This repository does not implement autonomy, flight control, or mission planning. It does not define C2 user interfaces and it does not model multi-node or fleet-level intent. It is strictly the schema, reference bindings, and documentation for the per-node contract.